Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
24-08-2023 10:32
General
-
Target
VAC-BYPASS.pyc
-
Size
49KB
-
MD5
25dc5a591c5b120ac755f13295c04fdf
-
SHA1
9ba08ff5b9c8b255260d5508499837402fe6edd8
-
SHA256
44f2f2a3bc2e21c5c5b0ab16cc014a37faf71d9fc1ed3526f2f1d719f3a254bb
-
SHA512
e94cf6ef42adb3d156df5f816ac814116b852d2748fca6a3946cf480dfd14ad218098271c1b85dbac2914f4e2bcfc077325fe748c094cffe606aa2bdc0f1689b
-
SSDEEP
1536:t9MWn/28/r+5vipuMqK8GRY4GKT10+SffloRvJPODlhLxmUSgeC:pHiUpu7K8iY4GKT1sloRvJP5UaC
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\VAC-BYPASS.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\VAC-BYPASS.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\VAC-BYPASS.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51f61eae64edddf54c788fe7c064b0306
SHA1fe25ee722d56e75fd9315cfe782e6742fe46b1a1
SHA25607d56253cf8670247e94826e8b4f2e793330307953bf9e9f125cef3d3a0c8c4d
SHA5123a4b7f860378003986a3c69b829eae23795a7f919626a6eec7578e64415e3c82d40d8091aea9364bfe1a0a21fb58d42e3e8c424a0e11745a0bc223c644b3a8aa